-
-
Notifications
You must be signed in to change notification settings - Fork 406
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
make:auth Login form: we should add RememberMeBadge #848
Comments
Spent a good hour on this. |
+1. I just spent last 40 minutes trying to figure out why the remember me functionality wasn't working. I really like the new symfony 5 auth system but documentation on it seems to be a bit lacking. I would expect a maker bundle should include this functionality. |
The documentation for the remember me functionality hasn't been updated in a while (most of the security documentation regarding the authentication system still refers to the old Guard system really) - and this new authentication system with badges is quite new (introduced in Symfony 5.1 and never been the default in any LTS version - symfony 5.4 will be the first I think, with release expected at the end of november). It's probably still beeing fine tuned at the moment I guess. Actually, make:reg and make:reset-password are still using the old passwordencoder (deprecated, but still works for now) instead of the now prefered passwordhasher. And make:reg fails to create the code to authenticate automatically after registration as it can't find the Guard authenticator. This has to be done manually for now. Took me some googling tricks to get this working. Updating so many documentation pages will take time I excpect. |
In the new authenticator system, if you want to support "remember me" functionality, then your authenticator needs to return a
RememberMeBadge
. This advertises that it is "ok to activate remember me on this authenticator". It is safe to always add in our generated code because if the user doesn't have remember me activated (either in config or they don't have the remember me checkbox), nothing will happen. For example, it is ALWAYS returned from the coreFormLoginAuthenticator
.Probably we will also need one comment line above the new badge to explain its purpose.
EDIT: And I wonder if we should even ask "Do you want to support remember me?" during this process? We could then ask "Do you want remember me to be activated via a checkbox or always activated"? We could use this to determine how the template is generated AND to automatically add the correct
remember_me
config tosecurity.yaml
.The text was updated successfully, but these errors were encountered: